On Sat, Dec 11, 1999 at 07:21:49PM -0800, George Bonser wrote:
> On Sat, 11 Dec 1999, William Burrow wrote:
> > You design your server to separate the paths that users are permitted to
> > access in a consistent, logical manner. The fact that a path exists to
> > the user does not mean it maps directly to any shared path on the server.
> > Think of virtual domains and web sites. UIDs are irrelevant.
> >
> > For reading email, I cannot see any reason to allow an external user to
> > peruse the entire system directory structure. It doesn't make sense.
> > Excuse my ignorance on how this service is implemented, but I can't see
> > this being a problem in a properly designed system.
>
> You can not equate http and imap in this manner. http serves files. You

Why not? An email resides in a file. In a Maildir setup, exactly one message resides in one file. With Unix mailbox format, several messages exist in one file, big deal.

> can create a different path for each virtual domain. If I type in the full
> path for a different domain, I see a different site. Not a big deal.

You can't get from http://www.virtualOne.com to http://www.virtualTwo.com from http://www.virtualOne.com by typing paths (other than a link directly to virtualTwo's site). It is impossible. Same deal with IMAP servers.

> IMAP does not transfer mail to the user. It allows a remote user to access
> their mail on a local filesystem. That is the point of IMAP. You can check

I am aware of the purpose of IMAP, I have not seen the implementation.

> The point is that other users on the system MUST be prevented from reading
> my mail files. This is done with ownership permissions on the directory.

Do that with ONE UID. Courier-IMAP does this. All users must access their mail through IMAP. It makes sense. It works. It is the way it is done.

You don't own that directory according to the database in the IMAP server, you aren't allowed to enter it. Your request is turned away for entering a bad path. Just like entering a path that doesn't exist for a particular virtual domain on a web server.

> Otherwise, I could log in as me but tell IMAP to use someone else's
> directory and read their mail. This is why it breaks when you have more
> users than you have bits to assign unique user IDs.

You can't do this because the path you specify is not associated with your IMAP login ID. The database tells the server what is the acceptable base path. The path is logically constructed, so it is easy to tell apart illegal paths from legal paths. The scenario you present is all in your head.

> POP3 is no big deal, SMTP is no big deal. IMAP is a big deal because it is
> a direct read/write file access to a file that remains persistent on the
> server.

Persistency is not a big deal, email can be made to persist on POP3 servers as well, it is just not often done (and seems to be often discouraged with small quotas).

I am just a little bothered by statements that implementations of Internet services are broken and useless by design. Particularly when RTFM shows otherwise. I hope my outburst is not taken the wrong way.

--
William Burrow -- New Brunswick, Canada
A 'box' is something that accomplishes a task -- you feed in input and out comes the output, just as God and Larry Wall intended. -- brian moore
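The check the reply describes (one system UID, with a database that maps each IMAP login to its only acceptable base path) can be sketched as follows. This is an added example, not part of the original message and not Courier-IMAP's code; the account table, the paths, and the names `resolve_mailbox`, `is_allowed` and `BadPath` are hypothetical, and folders are assumed to be given as relative paths.

```python
import os

# Constructed sample account database: IMAP login -> base mail directory.
# Every directory is owned by the same system UID; isolation comes from
# this mapping and the containment check below, not from file ownership.
ACCOUNTS = {
    "alice@virtualone.example": "/var/vmail/virtualone.example/alice",
    "bob@virtualtwo.example": "/var/vmail/virtualtwo.example/bob",
}


class BadPath(Exception):
    """The requested folder is not inside the login's base path."""


def resolve_mailbox(login, folder, accounts=ACCOUNTS):
    """Return the absolute path for `folder`, or raise BadPath."""
    base = accounts.get(login)
    if base is None:
        raise BadPath("unknown login")
    # Absolute paths and NUL bytes are never valid folder names here.
    if os.path.isabs(folder) or "\x00" in folder:
        raise BadPath("illegal folder name")
    # realpath collapses ".." components and resolves existing symlinks,
    # so the comparison is made on the path that would really be opened.
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, folder))
    # commonpath compares whole components, so ".../alice-archive" is not
    # mistaken for something inside ".../alice" (a plain prefix test would be).
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise BadPath("folder is outside the login's base path")
    return candidate


def is_allowed(login, folder):
    """True if the server would serve `folder` to `login`."""
    try:
        resolve_mailbox(login, folder)
        return True
    except BadPath:
        return False
```

A request for another account's directory fails the same way as a request for a path that does not exist under the login's base, which is the "turned away for entering a bad path" behaviour described above.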

